CVE-2025-62360

HIGH

WeGIA < 3.5.1 - SQL Injection

Title source: rule

Description

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_documento.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1.

Exploits (1)

exploitdb WORKING POC
by onurdemir · bash webapps php
https://www.exploit-db.com/exploits/52483

Scores

CVSS v3 8.8
EPSS 0.0013
EPSS Percentile 31.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-89
Status published

Affected Products (1)

wegia/wegia < 3.5.1

Timeline

Published Oct 13, 2025
Tracked Since Feb 18, 2026